From: Thadeu Lima de Souza Cascardo Date: Tue, 7 Jul 2009 18:06:01 +0000 (-0300) Subject: Change anonymous SSL credentials to X.509 credentials. X-Git-Tag: v0.1.3~26 X-Git-Url: http://git.cascardo.eti.br/?p=cascardo%2Frnetproxy.git;a=commitdiff_plain;h=d45a338204b37b044e9cf9c04415fb7f8af83e6e Change anonymous SSL credentials to X.509 credentials. We load files from the current directory, but must use files from the configuration file.
---
diff --git a/hcconn_ssl.c b/hcconn_ssl.c
index cdcca97..1277207 100644
--- a/hcconn_ssl.c
+++ b/hcconn_ssl.c
@@ -34,30 +34,38 @@ struct ssl_data
 };
 #define DH_BITS 1024
-static gnutls_anon_server_credentials_t
-ssl_server_get_credentials (void)
+void *
+hc_conn_ssl_server_init_credentials (char *certfile, char *keyfile)
 {
 static int initialized = 0;
- static gnutls_anon_server_credentials_t cred;
+ static gnutls_certificate_credentials_t cred;
 gnutls_dh_params_t dh_params;
 if (initialized) return cred;
 gnutls_dh_params_init (&dh_params);
 gnutls_dh_params_generate2 (dh_params, DH_BITS);
- gnutls_anon_allocate_server_credentials (&cred);
- gnutls_anon_set_server_dh_params (cred, dh_params);
+ gnutls_certificate_allocate_credentials (&cred);
+ gnutls_certificate_set_x509_key_file (cred, certfile, keyfile,
+ GNUTLS_X509_FMT_PEM);
+ gnutls_certificate_set_dh_params (cred, dh_params);
 initialized = 1;
 return cred;
 }
+static void *
+ssl_server_get_credentials(void)
+{
+ return hc_conn_ssl_server_init_credentials (NULL, NULL);
+}
+
 static void
 ssl_server_session_new (gnutls_session_t *session)
 {
- static gnutls_anon_server_credentials_t cred;
+ static void *cred;
 cred = ssl_server_get_credentials ();
 gnutls_init (session, GNUTLS_SERVER);
- gnutls_priority_set_direct (*session, "NORMAL:+ANON-DH", NULL);
- gnutls_credentials_set (*session, GNUTLS_CRD_ANON, cred);
+ gnutls_priority_set_direct (*session, "NORMAL", NULL);
+ gnutls_credentials_set (*session, GNUTLS_CRD_CERTIFICATE, cred);
 gnutls_dh_set_prime_bits (*session, DH_BITS);
 }
 #undef DH_BITS
diff --git a/hcconn_ssl.h b/hcconn_ssl.h
index 019c053..2e1d500 100644
--- a/hcconn_ssl.h
+++ b/hcconn_ssl.h
@@ -24,5 +24,6 @@ int hc_conn_set_driver_ssl_client (HCConn *, HCConn *);
 int hc_conn_set_driver_ssl_server (HCConn *, HCConn *);
+void * hc_conn_ssl_server_init_credentials (char *, char *);
 #endif
diff --git a/popproxy.c b/popproxy.c
index 713505c..f54c77c 100644
--- a/popproxy.c
+++ b/popproxy.c
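Review bot: hc_conn_ssl_server_init_credentials ignores the return values of gnutls_certificate_allocate_credentials and gnutls_certificate_set_x509_key_file and sets `initialized = 1` regardless, so a missing or malformed certfile/keyfile leaves the process permanently caching credentials that carry no certificate, and the problem only surfaces later as failed handshakes. The new ssl_server_get_credentials wrapper makes this worse by passing NULL for both paths: if a server session is created before popproxy's explicit init call, the key-file load runs with NULL file names and that result is cached for the life of the process. I would fail fast on NULL paths and on any negative GnuTLS return, release the half-built objects, and return NULL without setting initialized, as sketched below; ssl_server_session_new (whose use of the credentials is in this hunk) then needs to handle a NULL return rather than handing it to gnutls_credentials_set. gnutls_dh_params_generate2 returns int as well and gets the same treatment.
```c
void *
hc_conn_ssl_server_init_credentials (char *certfile, char *keyfile)
{
  /* … unchanged: static initialized/cred, dh_params, early return when initialized … */
  if (certfile == NULL || keyfile == NULL)
    return NULL;                /* nothing to load; do not cache the failure */
  if (gnutls_dh_params_init (&dh_params) < 0)
    return NULL;
  if (gnutls_dh_params_generate2 (dh_params, DH_BITS) < 0)
    goto fail_dh;
  if (gnutls_certificate_allocate_credentials (&cred) < 0)
    goto fail_dh;
  if (gnutls_certificate_set_x509_key_file (cred, certfile, keyfile,
                                            GNUTLS_X509_FMT_PEM) < 0)
    goto fail_cred;
  gnutls_certificate_set_dh_params (cred, dh_params);
  initialized = 1;
  return cred;
fail_cred:
  gnutls_certificate_free_credentials (cred);
  cred = NULL;
fail_dh:
  gnutls_dh_params_deinit (dh_params);
  return NULL;
}
```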
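Review bot: The new prototype `void * hc_conn_ssl_server_init_credentials (char *, char *);` takes non-const pointers although the function only passes the paths through to gnutls_certificate_set_x509_key_file, and popproxy.c calls it with string literals; declare it as `void *hc_conn_ssl_server_init_credentials (const char *certfile, const char *keyfile);` and change the definition in hcconn_ssl.c to match, so callers can pass const data without a cast. Keeping the parameter names in the prototype also documents which argument is the certificate and which is the key.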
@@ -264,6 +264,8 @@ int main (int argc, char **argv)
 g_free (conf_address);
 g_free (port);
+ hc_conn_ssl_server_init_credentials ("cert.pem", "key.pem");
+
 g_main_loop_run (g_main_loop_new (g_main_context_default (), TRUE));
 gnutls_global_deinit ();